github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

SSL.com: Add support for ECC and RSA mode

pull/168/head
Richard Körber 2024-02-26 18:21:13 +01:00
parent 98ef2b8466
commit 081e53f137
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
4 changed files with 61 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProvider.java
View File

@ -34,8 +34,10 @@ import org.shredzone.acme4j.provider.AcmeProvider;
*/ */
public class SslComAcmeProvider extends AbstractAcmeProvider { public class SslComAcmeProvider extends AbstractAcmeProvider {
private static final String PRODUCTION_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc"; private static final String PRODUCTION_ECC_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc";
private static final String STAGING_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc"; private static final String PRODUCTION_RSA_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-rsa";
private static final String STAGING_ECC_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc";
private static final String STAGING_RSA_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-rsa";
@Override @Override
public boolean accepts(URI serverUri) { public boolean accepts(URI serverUri) {
@ -47,10 +49,14 @@ public class SslComAcmeProvider extends AbstractAcmeProvider {
public URL resolve(URI serverUri) { public URL resolve(URI serverUri) {
var path = serverUri.getPath(); var path = serverUri.getPath();
String directoryUrl; String directoryUrl;
if (path == null || path.isEmpty() || "/".equals(path)) { if (path == null || path.isEmpty() || "/".equals(path) || "/ecc".equals(path)) {
directoryUrl = PRODUCTION_DIRECTORY_URL; directoryUrl = PRODUCTION_ECC_DIRECTORY_URL;
} else if ("/staging".equals(path)) { } else if ("/rsa".equals(path)) {
directoryUrl = STAGING_DIRECTORY_URL; directoryUrl = PRODUCTION_RSA_DIRECTORY_URL;
} else if ("/staging".equals(path) || "/staging/ecc".equals(path)) {
directoryUrl = STAGING_ECC_DIRECTORY_URL;
} else if ("/staging/rsa".equals(path)) {
directoryUrl = STAGING_RSA_DIRECTORY_URL;
} else { } else {
throw new IllegalArgumentException("Unknown URI " + serverUri); throw new IllegalArgumentException("Unknown URI " + serverUri);
} }

20
acme4j-client/src/test/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProviderTest.java
View File

@ -28,8 +28,10 @@ import org.junit.jupiter.api.Test;
*/ */
public class SslComAcmeProviderTest { public class SslComAcmeProviderTest {
private static final String PRODUCTION_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc"; private static final String PRODUCTION_ECC_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc";
private static final String STAGING_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc"; private static final String PRODUCTION_RSA_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-rsa";
private static final String STAGING_ECC_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc";
private static final String STAGING_RSA_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-rsa";
/** /**
* Tests if the provider accepts the correct URIs. * Tests if the provider accepts the correct URIs.
@ -41,7 +43,11 @@ public class SslComAcmeProviderTest {
try (var softly = new AutoCloseableSoftAssertions()) { try (var softly = new AutoCloseableSoftAssertions()) {
softly.assertThat(provider.accepts(new URI("acme://ssl.com"))).isTrue(); softly.assertThat(provider.accepts(new URI("acme://ssl.com"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://ssl.com/"))).isTrue(); softly.assertThat(provider.accepts(new URI("acme://ssl.com/"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://ssl.com/ecc"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://ssl.com/rsa"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://ssl.com/staging"))).isTrue(); softly.assertThat(provider.accepts(new URI("acme://ssl.com/staging"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://ssl.com/staging/ecc"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://ssl.com/staging/rsa"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://example.com"))).isFalse(); softly.assertThat(provider.accepts(new URI("acme://example.com"))).isFalse();
softly.assertThat(provider.accepts(new URI("http://example.com/acme"))).isFalse(); softly.assertThat(provider.accepts(new URI("http://example.com/acme"))).isFalse();
softly.assertThat(provider.accepts(new URI("https://example.com/acme"))).isFalse(); softly.assertThat(provider.accepts(new URI("https://example.com/acme"))).isFalse();
@ -55,9 +61,13 @@ public class SslComAcmeProviderTest {
public void testResolve() throws URISyntaxException { public void testResolve() throws URISyntaxException {
var provider = new SslComAcmeProvider(); var provider = new SslComAcmeProvider();
assertThat(provider.resolve(new URI("acme://ssl.com"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL)); assertThat(provider.resolve(new URI("acme://ssl.com"))).isEqualTo(url(PRODUCTION_ECC_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://ssl.com/"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL)); assertThat(provider.resolve(new URI("acme://ssl.com/"))).isEqualTo(url(PRODUCTION_ECC_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://ssl.com/staging"))).isEqualTo(url(STAGING_DIRECTORY_URL)); assertThat(provider.resolve(new URI("acme://ssl.com/ecc"))).isEqualTo(url(PRODUCTION_ECC_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://ssl.com/rsa"))).isEqualTo(url(PRODUCTION_RSA_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://ssl.com/staging"))).isEqualTo(url(STAGING_ECC_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://ssl.com/staging/ecc"))).isEqualTo(url(STAGING_ECC_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://ssl.com/staging/rsa"))).isEqualTo(url(STAGING_RSA_DIRECTORY_URL));
assertThatIllegalArgumentException().isThrownBy(() -> provider.resolve(new URI("acme://ssl.com/v99"))); assertThatIllegalArgumentException().isThrownBy(() -> provider.resolve(new URI("acme://ssl.com/v99")));
} }

32
acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
View File

@ -71,17 +71,29 @@ public class ProviderIT {
*/ */
@Test @Test
public void testSslCom() throws AcmeException, MalformedURLException { public void testSslCom() throws AcmeException, MalformedURLException {
var session = new Session("acme://ssl.com"); var sessionEcc = new Session("acme://ssl.com/ecc");
assertThat(session.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com")); assertThat(sessionEcc.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
assertThatNoException().isThrownBy(() -> session.resourceUrl(Resource.NEW_ACCOUNT)); assertThatNoException().isThrownBy(() -> sessionEcc.resourceUrl(Resource.NEW_ACCOUNT));
assertThat(session.getMetadata().isExternalAccountRequired()).isFalse(); assertThat(sessionEcc.getMetadata().isExternalAccountRequired()).isFalse();
assertThat(session.getMetadata().isAutoRenewalEnabled()).isFalse(); assertThat(sessionEcc.getMetadata().isAutoRenewalEnabled()).isFalse();
var sessionStage = new Session("acme://ssl.com/staging"); var sessionRsa = new Session("acme://ssl.com/rsa");
assertThat(sessionStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com")); assertThat(sessionRsa.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
assertThatNoException().isThrownBy(() -> sessionStage.resourceUrl(Resource.NEW_ACCOUNT)); assertThatNoException().isThrownBy(() -> sessionRsa.resourceUrl(Resource.NEW_ACCOUNT));
assertThat(sessionStage.getMetadata().isExternalAccountRequired()).isFalse(); assertThat(sessionRsa.getMetadata().isExternalAccountRequired()).isFalse();
assertThat(sessionStage.getMetadata().isAutoRenewalEnabled()).isFalse(); assertThat(sessionRsa.getMetadata().isAutoRenewalEnabled()).isFalse();
var sessionEccStage = new Session("acme://ssl.com/staging/ecc");
assertThat(sessionEccStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
assertThatNoException().isThrownBy(() -> sessionEccStage.resourceUrl(Resource.NEW_ACCOUNT));
assertThat(sessionEccStage.getMetadata().isExternalAccountRequired()).isFalse();
assertThat(sessionEccStage.getMetadata().isAutoRenewalEnabled()).isFalse();
var sessionRsaStage = new Session("acme://ssl.com/staging/rsa");
assertThat(sessionRsaStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
assertThatNoException().isThrownBy(() -> sessionRsaStage.resourceUrl(Resource.NEW_ACCOUNT));
assertThat(sessionRsaStage.getMetadata().isExternalAccountRequired()).isFalse();
assertThat(sessionRsaStage.getMetadata().isAutoRenewalEnabled()).isFalse();
} }
/** /**

14
src/doc/docs/ca/sslcom.md
View File

@ -6,5 +6,15 @@ Available since acme4j 3.2.0
## Connection URIs ## Connection URIs
* `acme://ssl.com` - Production server * `acme://ssl.com`, `acme://ssl.com/ecc` - Production server, ECDSA certificate mode
* `acme://ssl.com/staging` - Testing server * `acme://ssl.com/rsa` - Production server, RSA certificate mode
* `acme://ssl.com/staging`, `acme://ssl.com/staging/ecc` - Testing server, ECDSA certificate mode
* `acme://ssl.com/staging/rsa` - Testing server, RSA certificate mode
## Note
* This CA requires [External Account Binding (EAB)](../usage/account.md#external-account-binding) for account creation. However `Metadata.isExternalAccountRequired()` returns `false` due to an error in the CA's directory resource.
## Disclaimer
_acme4j_ is not officially supported or endorsed by SSL.com. If you have _acme4j_ related issues, please do not ask them for support, but [open an issue here](https://github.com/shred/acme4j/issues).